Authentication with SSL certificates?

Apparently a forged Google SSL certificate has been circulating for 5 weeks. It is less than six months since Comodo was compromised and a series of forged certificates was issued. The cheap SSL certificates can be obtained as long as you can manipulate DNS. (And DNS without DNSSEC is no authentication at all.)

Isn't it about time we gave up the myth that the current CA structure can in any way be used for authentication of websites?

Peter Makholm is a Unix systems developer with a background as a student at DIKU. Peter blogs about tools, programming and the IT world in general, seen from the perspective of a Unix technician.

Comments (7)

Troels Arvin

Yes, the CA concept has unfortunately become rotten to the core, so the obvious question is: what is the alternative? Personally I hope that in the long run we move to using certificate hashes in DNS for certificate verification - in combination with DNSSEC, of course. But I wonder how progress towards that is going?

Peter Makholm

The first article I link to points to a possible alternative: Moxie Marlinspike's Convergence project: http://convergence.io/

But I haven't looked at it in detail.

Certificates in DNS, secured with DNSSEC, are a good replacement for the cheap certificates, but it does not prevent someone from registering and certifying danskebank.bk and in that way making a credible phishing site. DNSSEC is a good thing and a necessary thing - but not a sufficient thing.

Aloysius A. Horn

SSL Strip has been around for a few years now... And therefore the whole question of Certificate Authorities and the way they operate may need to be revised... Services that rely on SSL i.e. DNSSEC may need to have a re-think... As is Google ought to put on their thinking caps and maybe come up with a solution...

Peter Makholm

SSL Strip seems to be unrelated to how CAs work and what CAs are used for? It is a man-in-the-middle attack that depends on redirects between secure and insecure content?

How do you mean that DNSSEC depends on SSL certificates? SSL is partly broken due to DNS being unvalidated, not the other way around.

Aloysius A. Horn

Indeed you are right, the relationships are unrelated...
However if you are able to clone or steal a root certificate, or take control of an issuing server, you can easily create fake DNSSEC records etc… DNSSEC is just one of many services that are dependent on certificates. The weak point being the tree structure of the certificate structure. Attack the root and you have the rest… Additionally it is difficult/complicated to revoke certificates that have been published to the internet…
I believe that projects like “convergence” might be the path to take in the future. Check out a little coverage from DEFCON courtesy of HAK5: http://www.youtube.com/watch?v=i9e4g7SV244&feature=player_profilepage
I'm no expert in the subject but it sounds interesting…

Peter Makholm

All systems depending on some information being secret or that some group of individuals can't be bribed can be compromised. If you want to give up now and be a Luddite be my guest, but then I don't think we have anything interesting to discuss.

Basically it is a discussion about risks and disaster recovery. So for the fun of it, let us compare DNSSEC and domain validated SSL certificates:

DNSSEC gives you a strict hierarchy of trust with one responsible entity at each level. With SSL certs you have about 600 CAs with blanket authority to issue any certificate they want.

DNSSEC has very well documented procedures for handling the root issuing key. I would guess that less than 1% of the CAs have the same level of public documentation, and the procedures for becoming a generally acknowledged CA are even more obscure and semi-random.

DNSSEC makes it easy to revoke a compromised certificate within a configurable time-to-live. In theory SSL certificates could be revoked instantly, but in practice this is disabled. Revoking CAs is even harder as it often requires a security update that users should install.

Real end user support for DNSSEC is immature. For SSL, end users are getting used to ignoring a number of warnings. Not sure if this speaks for or against either solution.

In general DNSSEC does not provide anything like extended validation certificates. This could be solved with "extended validation" TLDs. I'm not sure that the state of the 600 issuing CAs makes me trust EV SSL certs.

DNSSEC is not the final solution. Not even with DANE will it be the final solution. But it is a step ahead of 600 CAs with blanket authority to issue SSL certificates.
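The "certificate hashes in DNS" idea from Troels Arvin's comment and the DANE mentioned above both come down to the TLSA record: a DNSSEC-signed record that states which certificate (or hash of it) a TLS server must present. The following is an added example, not code from the thread or from any DANE implementation: it parses a TLSA record in presentation format, generates the record an operator would publish for a given certificate, and checks a presented certificate against it. Only usage 3 (DANE-EE) is decided from the record alone, since usages 0-2 also need the ordinary CA chain check; the sample certificate bytes are a constructed placeholder, not real DER, and the DNSSEC lookup that would fetch the record is assumed to have happened already.

```python
"""DANE/TLSA matching of a presented certificate against a DNS-published record.
Added example; the certificate bytes below are a constructed placeholder."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# RFC 6698 field values
USAGE_NAMES = {0: "PKIX-TA", 1: "PKIX-EE", 2: "DANE-TA", 3: "DANE-EE"}
SELECTOR_FULL_CERT, SELECTOR_SPKI = 0, 1
MATCH_EXACT, MATCH_SHA256, MATCH_SHA512 = 0, 1, 2

# Constructed stand-in for a server's DER-encoded certificate (not a real cert).
CONSTRUCTED_CERT = b"constructed placeholder DER bytes for www.example.net"


@dataclass(frozen=True)
class TLSARecord:
    usage: int
    selector: int
    matching: int
    data: bytes


def parse_tlsa(rdata: str) -> TLSARecord:
    """Parse presentation format such as '3 0 1 <hex>' (hex may be space-split)."""
    parts = rdata.split()
    if len(parts) < 4:
        raise ValueError("TLSA rdata needs usage, selector, matching type and data")
    usage, selector, matching = (int(p) for p in parts[:3])
    if usage not in USAGE_NAMES or selector not in (0, 1) or matching not in (0, 1, 2):
        raise ValueError("unknown TLSA usage, selector or matching type")
    data = bytes.fromhex("".join(parts[3:]))
    expected_len = {MATCH_SHA256: 32, MATCH_SHA512: 64}.get(matching)
    if expected_len is not None and len(data) != expected_len:
        raise ValueError(f"matching type {matching} expects {expected_len} bytes of data")
    return TLSARecord(usage, selector, matching, data)


def association_data(matching: int, selected: bytes) -> bytes:
    """Apply the matching type to the selected certificate bytes."""
    if matching == MATCH_EXACT:
        return selected
    if matching == MATCH_SHA256:
        return hashlib.sha256(selected).digest()
    return hashlib.sha512(selected).digest()


def generate_tlsa(cert_der: bytes, usage: int = 3, selector: int = 0, matching: int = 1) -> str:
    """The rdata an operator would publish in DNS for this certificate."""
    if selector != SELECTOR_FULL_CERT:
        raise ValueError("this example only selects the full certificate (selector 0)")
    return f"{usage} {selector} {matching} {association_data(matching, cert_der).hex()}"


def matches(record: TLSARecord, cert_der: bytes, spki_der: Optional[bytes] = None) -> bool:
    """True if the presented certificate matches the DANE-EE record.
    Usages 0-2 also require PKIX chain validation, which this example does not do."""
    if record.usage != 3:
        raise ValueError(f"usage {USAGE_NAMES[record.usage]} also needs chain validation")
    if record.selector == SELECTOR_SPKI:
        if spki_der is None:
            raise ValueError("selector 1 needs the SubjectPublicKeyInfo DER from the caller")
        selected = spki_der
    else:
        selected = cert_der
    # Constant-time compare so timing does not leak how many leading bytes matched.
    return hmac.compare_digest(association_data(record.matching, selected), record.data)


if __name__ == "__main__":
    published = generate_tlsa(CONSTRUCTED_CERT)
    print("_443._tcp.www.example.net. IN TLSA", published)
    record = parse_tlsa(published)
    print("genuine certificate accepted:", matches(record, CONSTRUCTED_CERT))
    print("different certificate accepted:", matches(record, CONSTRUCTED_CERT + b"!"))
```

With matching type 1 the DNS record carries only a hash, so a certificate issued by any of the 600 CAs for the same name is rejected unless its bytes hash to the published value; the revocation point in the comment above then maps onto the record's TTL, since replacing the TLSA record is all it takes to stop the old certificate being accepted once caches expire.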

Peter Makholm

And where does Convergence fit into this?

I think it will be more of a policy engine than something entirely new. I think that the current CA structure will develop into a number of core notaries. The common mode of operation would be that if 5 out of 100 core notaries validate a certificate it will be considered validated.

This will be more robust than the current situation but require users to buy services from more notaries than the current single CA.

As a replacement of the current domain validated certificates I think that there will be a number of core notaries importing trust from DNSSEC based SSL certificates.

Power users might do something more, but I guess that the above will be the common default setup for normal users.
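The "policy engine" sketched above, where a certificate counts as validated once some number of independent notaries report the same fingerprint the client saw, is small enough to model directly. This is an added example and not Convergence's own code; the notary names and fingerprints are constructed, no notary is actually queried, and the quorum and disagreement limits are parameters rather than anything the project prescribes. It goes slightly beyond the comment by also treating a notary that reports a different fingerprint as a distinct signal from one that simply did not answer, since a disagreeing notary may indicate that either the client or that notary is seeing an interposed certificate.

```python
"""Quorum policy over notary fingerprint reports. Added example; all names
and fingerprints are constructed and no network access takes place."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Decision:
    accepted: bool
    reason: str
    agreeing: List[str] = field(default_factory=list)
    disagreeing: Dict[str, str] = field(default_factory=dict)  # notary -> fingerprint it saw
    unreachable: List[str] = field(default_factory=list)


def evaluate(observed_fp: str, responses: Dict[str, Optional[str]], quorum: int,
             max_disagreeing: Optional[int] = None) -> Decision:
    """Accept when at least `quorum` notaries report `observed_fp`.

    `responses` maps a notary name to the fingerprint it reports for the host,
    or None when the notary did not answer. `max_disagreeing`, when set, caps how
    many notaries may report a *different* fingerprint before the client refuses
    regardless of the quorum being met."""
    if quorum < 1 or quorum > len(responses):
        raise ValueError("quorum must be between 1 and the number of notaries queried")
    decision = Decision(accepted=False, reason="")
    for notary, fp in responses.items():
        if fp is None:
            decision.unreachable.append(notary)
        elif fp == observed_fp:
            decision.agreeing.append(notary)
        else:
            decision.disagreeing[notary] = fp
    if max_disagreeing is not None and len(decision.disagreeing) > max_disagreeing:
        decision.reason = (f"{len(decision.disagreeing)} notaries saw a different "
                           f"certificate (limit {max_disagreeing})")
    elif len(decision.agreeing) < quorum:
        decision.reason = f"only {len(decision.agreeing)} of the required {quorum} notaries agree"
    else:
        decision.accepted = True
        decision.reason = f"{len(decision.agreeing)} notaries confirm the fingerprint"
    return decision


def constructed_responses() -> Dict[str, Optional[str]]:
    """Ten constructed notaries: eight agree, one is down, one saw something else."""
    genuine = "aa" * 32
    responses: Dict[str, Optional[str]] = {f"notary{i}": genuine for i in range(10)}
    responses["notary3"] = None          # did not answer
    responses["notary0"] = "bb" * 32     # reports a different certificate
    return responses


if __name__ == "__main__":
    seen = "aa" * 32
    print(evaluate(seen, constructed_responses(), quorum=5))
    print(evaluate(seen, constructed_responses(), quorum=5, max_disagreeing=0))
```

The comment's "5 out of 100" rule is `quorum=5` with `max_disagreeing` left unset; the stricter variant, where a single disagreeing notary blocks acceptance, is what a power user might prefer, at the cost of more false refusals when a site is mid-rollover and different notaries have cached different certificates.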

